Cyber Risk Threat and Crisis Management SVP / C14
Background / Context:
This individual contributor role sits in Citi’s second line of defense (2LoD) – Risk \ Operational Risk Management (ORM) \ Technical Cyber Risk Office \ Enterprise Technical Cyber Risk Team \ Cyber Risk Threat and Crisis Management Team (CRTCM).
ORM consists of experienced professionals who provide subject matter expertise (SME) to objectively evaluate, independently oversee, and constructively advise first line of defense (1LoD) teams, governance, processes, and controls.
Focusing on the operational / “run” aspects of 1LoD operations, CRTCM serves as an authoritative body for providing independent review and assurance of 1LoD security operations, including threat intelligence, cyber / technical incident and crisis management, insider threat operations, cyber exercising / awareness. In collaboration with sister teams focused on the architecture and engineering / “build” aspects of 1LoD operations, CRTCM informs security architecture / engineering / dev ops.
Our mission is to drive comprehensive, consistent, efficient, and effective practices that identify, measure, monitor, report, and manage operational risks across the cyber domains. CRTCM recommends remediation of root causes and contributing factors to mitigate operational losses as well as to shift from people-led to process-driven programs.
This role will support an expansion of existing, 2LoD cyber and technology incident defense and response assessment and advancement activities. Doing so will enhance Citi’s efforts to mitigate client harm as well as impact to its reputation, operations, and regulatory / legal / financial standing, in line with Citi leadership and regulatory intent.
Key responsibilities:
Deliver both as an individual contributor and as a team lead for independent, 2LoD reviews of 1LoD activities, requiring planning, interviewing, documentary and metric review, thematic analysis, risk-based prioritization, report drafting, editing, briefing, negotiation and stakeholder engagement, and self- / team-management
Interpret and leverage data analytics of 1LoD qualitative and quantitative reporting (e.g., threat intelligence, cyber SIRTs, technology MIMs, fraud and loss capture system reports, etc.)
Assess metric / key indicator definitions and their effectiveness to identify cyber / technical risk themes, systemic security risks, insufficient controls, and gaps
Influence 1LoD remediation plan designs and assure their thorough implementations
Build, nurture, and leverage personal relationships across the three lines of defense
Serve as a cyber risk SME for CCAR scenarios and other scenario / exercise / training efforts
Provide input into ORM’s methodology and deliverables to strengthen our approach and impact (e.g., internal governance documentation, cross-functional engagement management, etc.)
Provide inputs to and/or draft regulatory responses and internal reporting
Assess changes to the regulatory, emerging technology, and threat landscapes, communicating assessments to leadership through briefings, threat bulletins, or position papers
Provide and engage 360 feedback
Desired Experience:
Diverse experience (10+ years) with cyber and technology operations (e.g., CISO / SOC operations, incident management, red team, vulnerability assessment, cyber exercises, data loss prevention, etc.)
DevSecOps + SecInfra
Vulnerability assessment and management
Configuration management
Secure system maintenance and protective technology
Cyber resilience + internal / external dependencies (preferred)
Mix of financial services sector and consultancy experience (preferred)
Relevant certifications (CISSP, CISM, or equivalent) (strongly preferred)
Risk assessments, controls design and testing, as well as corrective action planning
Experience working with industry standards and regulations (Financial Services Sector Cybersecurity Profile, ATT&CK, ISO, NIST, PCI-DSS, etc.)
Experience writing for, interfacing with, and influencing senior stakeholders
Technical proficiency in MS Office
Job Family Group: Risk Management
Job Family: Operational Risk
Time Type: Full time
Primary Location: New York, New York, United States
Primary Location Salary Range: $164,310.00 - $246,460.00
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
Join our team of 220,000+ strong diverse employees
Socially minded employees volunteering in communities across 90 countries
Meaningful career opportunities thanks to a physical presence in over 95 markets
We foster a culture that embraces all individuals and encourages diverse perspectives, where you can make an impact and grow your career. At Citi, we value colleagues that demonstrate high professional standards, a strong sense of integrity and generosity, intellectual curiosity, and rigor. We recognize the importance of owning your career, with the commitment that if you do, we promise to meet you more than half way.